RE: Potential bug in sshd

RE: Potential bug in sshd

[Rob Bosch]

Not sure about the error. Dave is cross-referencing
http://cygwin.com/ml/cygwin/2006-09/msg00194.html which doesn't show a
resolution.  What service account do you have sshd running under?  Are you
sure there are no permission issues with this account? 

I'd recommend only allowing ssh connections from known IP's at the firewall
level.  We see a lot of hack attempts from worms and malicious folks from
other countries trying to get into the ssh port.  Dave's right, passwords
will protect you but we just lock down the inbound IP's so we don't have to
worry about the hacking attempts.

The error is beyond my knowledge...sorry.

-----Original Message-----
From: Michael Sowka [mailto:msowka@gmail.com] 
Sent: Tuesday, September 12, 2006 8:42 AM
To: Rob Bosch
Subject: Re: Potential bug in sshd

Thanks Rob,

Ah yes, this explains the "zombie" processes as I cannot make actual
client connections.

Something is very bizarre with my cygwin setup here. I've noticed
other symptoms too: on reinstalling cygwin the info-update and cygwing
post-install scripts hang. In fact, after the cygwin install
supposedly finished, on logging out windows complained that 'cygwin
post-install scripts' were still up and it couldn't kill them.

So it seems that on attempting to connect the sshd thread hangs too
"unexpectedly closing the connection" or sometimes just hanging the
client.

To answer your question Rob, no I have not experienced any other
network problems, or unusually high traffic (this is my desktop
machine). Plus, I'm trying to do this from/to localhost.

! One thing I did notice as I was looking for logs to send in to the
list is that the System Events log is that recently I've had a barrage
of attempted break-ins via ssh (failed logins as root, admin, etc.). I
trust that OpenSSH is pretty solid, have experienced this before, and
don't make too much of it... but could this have melted my system?!

Finding useful info was easy enough (/var/log/ssh), here is an
excerpt. Speculation: this does seem to support the symptoms I'm
having (dropped connections from "worker" threads, no response, etc.).
I don't "read" Win32 logs but I have a hunch someone can ID this
problem on the spot.

   4864 [main] sshd 8156 C:\cygwin\usr\sbin\sshd.exe: *** fatal error
- C:\cygwin\usr\sbin\sshd.exe: *** recreate_mmaps_after_fork_failed
      2 [main] sshd 8144 child_info::sync: wait failed, pid 8156, Win32
error 0
     59 [main] sshd 4368 child_copy: linked dll data write copy
failed, 0x3EC000..0x3EC040, done 0, windows pid 2276036, Win32 error
487
3757715 [main] sshd 4368 child_copy: linked dll data write copy
failed, 0x3EC000..0x3EC040, done 0, windows pid 2276036, Win32 error
487
24253452 [main] sshd 4368 child_copy: linked dll data write copy
failed, 0x3EC000..0x3EC040, done 0, windows pid 2276036, Win32 error
487


HAS MY SYSTEM BEEN COMPROMISED?!

Mike

On 9/12/06, Rob Bosch <robbosch@msn.com> wrote:
> Sshd will spawn processes that deal with individual connections so even
> though you stop the service there may still be sshd processes running.
The
> way to tell if your sshd daemon is stopped is to run a netstat -a | find
> "ssh" | find "LISTEN".  This will only find sshd processes that are
> listening for new connections and not the ones that are established to
deal
> with existing ssh connections.
>
> I've experienced connection problems from time to time with sshd on
cygwin.
> Almost always this is either due to high load on the receiving server and
it
> just can't handle it, or a problem with the network connection.
>
> Are your connections all on the LAN or WAN?
>
>
>
>


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

RE: Potential bug in sshd

[Dave Korn]

On 12 September 2006 16:58, Rob Bosch wrote:

>  Dave is cross-referencing
> http://cygwin.com/ml/cygwin/2006-09/msg00194.html 


  :)  That's a slightly roundabout way of saying "replying to"!

  (Well, actually, it doesn't mean the same thing at all ...)

    cheers,
      DaveK
-- 
Can't think of a witty .sigline today....


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

Re: Potential bug in sshd

[Michael Sowka]

Dave,

>   BTW, if you have a Logitech webcam, now would be a good time to disable the
> associated "Logitech Process Monitor" service.  Or is there anything else by
> the way of hardware/software that you've installed just recently?
YOU NAILED IT

That was my next step... couple of days ago I wasted a good deal of
time trying to install QuickCam drivers and software. I never managed
to get the camera working. From the experience and from googling
around I don't have the best impression of Logitech software and had a
hunch that may be it.

Turned off LPM service and my sshd works!

I don't suppose You know how to get the actual camera working (pointer
to a website)? ;)

THANKS,
Mike

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

Re: Potential bug in sshd

[Tristen Hayfield]

Michael Sowka wrote:
> Thanks Rob,
> 
> Ah yes, this explains the "zombie" processes as I cannot make actual
> client connections.
> 
> Something is very bizarre with my cygwin setup here. I've noticed
> other symptoms too: on reinstalling cygwin the info-update and cygwing
> post-install scripts hang. In fact, after the cygwin install
> supposedly finished, on logging out windows complained that 'cygwin
> post-install scripts' were still up and it couldn't kill them.

I have had this problem too before with hanging scripts. After looking
at the offending scripts, I determined that they all had for-loops, and
they were hanging while executing them.  I then reformatted the
for-loops from:
for file in ${glob}; do
...

to:
for file in ${glob}
   do
...

and they worked. Give it a try, but of course, since I can't claim to
understand the cause of this issue, YMMV.

Tristen



--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

RE: Potential bug in sshd

[Rob Bosch]

Sorry, I thought it was a different thread but that whole copy/pasting
thing, I've always struggled with it! :)

Rob

On 12 September 2006 16:58, Rob Bosch wrote:

>  Dave is cross-referencing
> http://cygwin.com/ml/cygwin/2006-09/msg00194.html 


  :)  That's a slightly roundabout way of saying "replying to"!

  (Well, actually, it doesn't mean the same thing at all ...)

    cheers,
      DaveK


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

RE: Potential bug in sshd

[Dave Korn]

On 12 September 2006 15:43, Michael Sowka wrote:


> ! One thing I did notice as I was looking for logs to send in to the
> list is that the System Events log is that recently I've had a barrage
> of attempted break-ins via ssh (failed logins as root, admin, etc.). I
> trust that OpenSSH is pretty solid, have experienced this before, and
> don't make too much of it... but could this have melted my system?!

  Very very unlikely.  The failed logins are simple crude automated
bruteforceing worms out there; they've got a list of common passwords and a
list of common usernames and they try every combination.  If your password
isn't something fairly obvious, you'll be fine.

> Finding useful info was easy enough (/var/log/ssh), here is an
> excerpt. Speculation: this does seem to support the symptoms I'm
> having (dropped connections from "worker" threads, no response, etc.).
> I don't "read" Win32 logs but I have a hunch someone can ID this
> problem on the spot.
> 
>   4864 [main] sshd 8156 C:\cygwin\usr\sbin\sshd.exe: *** fatal error
> - C:\cygwin\usr\sbin\sshd.exe: *** recreate_mmaps_after_fork_failed
>      2 [main] sshd 8144 child_info::sync: wait failed, pid 8156, Win32
>     error 0 59 [main] sshd 4368 child_copy: linked dll data write copy
> failed, 0x3EC000..0x3EC040, done 0, windows pid 2276036, Win32 error
> 487
> 3757715 [main] sshd 4368 child_copy: linked dll data write copy
> failed, 0x3EC000..0x3EC040, done 0, windows pid 2276036, Win32 error
> 487
> 24253452 [main] sshd 4368 child_copy: linked dll data write copy
> failed, 0x3EC000..0x3EC040, done 0, windows pid 2276036, Win32 error
> 487

  Did you try rebaseall yet?  These are basically the standard cygwin errors
that you get when something is causing the process memory space of a child
process to not match the layout of the parent processes address space.

> HAS MY SYSTEM BEEN COMPROMISED?!

  Not the slightest reason to belive so from anything you've described so far.
Don't panic!

  BTW, if you have a Logitech webcam, now would be a good time to disable the
associated "Logitech Process Monitor" service.  Or is there anything else by
the way of hardware/software that you've installed just recently?

    cheers,
      DaveK
-- 
Can't think of a witty .sigline today....


--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

Re: Potential bug in sshd

[Michael Sowka]

Thanks Rob,

Ah yes, this explains the "zombie" processes as I cannot make actual
client connections.

Something is very bizarre with my cygwin setup here. I've noticed
other symptoms too: on reinstalling cygwin the info-update and cygwing
post-install scripts hang. In fact, after the cygwin install
supposedly finished, on logging out windows complained that 'cygwin
post-install scripts' were still up and it couldn't kill them.

So it seems that on attempting to connect the sshd thread hangs too
"unexpectedly closing the connection" or sometimes just hanging the
client.

To answer your question Rob, no I have not experienced any other
network problems, or unusually high traffic (this is my desktop
machine). Plus, I'm trying to do this from/to localhost.

! One thing I did notice as I was looking for logs to send in to the
list is that the System Events log is that recently I've had a barrage
of attempted break-ins via ssh (failed logins as root, admin, etc.). I
trust that OpenSSH is pretty solid, have experienced this before, and
don't make too much of it... but could this have melted my system?!

Finding useful info was easy enough (/var/log/ssh), here is an
excerpt. Speculation: this does seem to support the symptoms I'm
having (dropped connections from "worker" threads, no response, etc.).
I don't "read" Win32 logs but I have a hunch someone can ID this
problem on the spot.

  4864 [main] sshd 8156 C:\cygwin\usr\sbin\sshd.exe: *** fatal error
- C:\cygwin\usr\sbin\sshd.exe: *** recreate_mmaps_after_fork_failed
     2 [main] sshd 8144 child_info::sync: wait failed, pid 8156, Win32 error 0
    59 [main] sshd 4368 child_copy: linked dll data write copy
failed, 0x3EC000..0x3EC040, done 0, windows pid 2276036, Win32 error
487
3757715 [main] sshd 4368 child_copy: linked dll data write copy
failed, 0x3EC000..0x3EC040, done 0, windows pid 2276036, Win32 error
487
24253452 [main] sshd 4368 child_copy: linked dll data write copy
failed, 0x3EC000..0x3EC040, done 0, windows pid 2276036, Win32 error
487


HAS MY SYSTEM BEEN COMPROMISED?!

Mike

On 9/12/06, Rob Bosch <robbosch@msn.com> wrote:
> Sshd will spawn processes that deal with individual connections so even
> though you stop the service there may still be sshd processes running.  The
> way to tell if your sshd daemon is stopped is to run a netstat -a | find
> "ssh" | find "LISTEN".  This will only find sshd processes that are
> listening for new connections and not the ones that are established to deal
> with existing ssh connections.
>
> I've experienced connection problems from time to time with sshd on cygwin.
> Almost always this is either due to high load on the receiving server and it
> just can't handle it, or a problem with the network connection.
>
> Are your connections all on the LAN or WAN?
>
>
>
>

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

Re: Potential bug in sshd

[Rob Bosch]

Sshd will spawn processes that deal with individual connections so even
though you stop the service there may still be sshd processes running.  The
way to tell if your sshd daemon is stopped is to run a netstat -a | find
"ssh" | find "LISTEN".  This will only find sshd processes that are
listening for new connections and not the ones that are established to deal
with existing ssh connections.

I've experienced connection problems from time to time with sshd on cygwin.
Almost always this is either due to high load on the receiving server and it
just can't handle it, or a problem with the network connection.  

Are your connections all on the LAN or WAN?  




--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

Re: Potential bug in sshd

[Michael Sowka]

Sorry about the double-post everyone. Because I sent the first email
from a non list-registered address and assumed it wouldn't get
through, I resent it from the address that I actually registered with
Sorry, Mike

On 9/11/06, Christopher Faylor <cgf-no-personal-reply-please@cygwin.com> wrote:
> Please don't send the same message twice.
>
> On Mon, Sep 11, 2006 at 11:39:53AM -0400, Michael Sowka wrote:
> >... just when I thought I was nicely settled with WinXP and Cygwin
> >(being obligated to use Windows, cygwin makes the experience more
> >bearable ;) )...
> >
> >I don't consider myself a newbie, but we'll soon find out. I've
> >installed cygwin on a number of computers I frequently 'ssh'/'scp'
> >to/from. The setup is straight forward (time saving guide here:
> >http://pigtail.net/LRP/printsrv/cygwin-sshd.html). Other than the time
> >when I tried to change user groups manually and had to revert back to
> >get sshd working again, things have been running smooth.
> >[snip]
> >Problem reports:       http://cygwin.com/problems.html
>
> If you are having problems with the instructions you found at a web
> site you should contact the person responsible for the instructions:
>
> nfong AT pigtail DOT net.
>
> cgf
>

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

Re: Potential bug in sshd

[Christopher Faylor]

Please don't send the same message twice.

On Mon, Sep 11, 2006 at 11:39:53AM -0400, Michael Sowka wrote:
>... just when I thought I was nicely settled with WinXP and Cygwin
>(being obligated to use Windows, cygwin makes the experience more
>bearable ;) )...
>
>I don't consider myself a newbie, but we'll soon find out. I've
>installed cygwin on a number of computers I frequently 'ssh'/'scp'
>to/from. The setup is straight forward (time saving guide here:
>http://pigtail.net/LRP/printsrv/cygwin-sshd.html). Other than the time
>when I tried to change user groups manually and had to revert back to
>get sshd working again, things have been running smooth.
>[snip]
>Problem reports:       http://cygwin.com/problems.html

If you are having problems with the instructions you found at a web
site you should contact the person responsible for the instructions:

nfong AT pigtail DOT net.

cgf

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/

Potential bug in sshd

[Michael Sowka]

Hello,

... just when I thought I was nicely settled with WinXP and Cygwin
(being obligated to use Windows, cygwin makes the experience more
bearable ;) )...

I don't consider myself a newbie, but we'll soon find out. I've
installed cygwin on a number of computers I frequently 'ssh'/'scp'
to/from. The setup is straight forward (time saving guide here:
http://pigtail.net/LRP/printsrv/cygwin-sshd.html). Other than the time
when I tried to change user groups manually and had to revert back to
get sshd working again, things have been running smooth.

Until, today my work desktop decided to spontaneously stop serving me ssh.

Symptoms on the client side (putty from/to localhost, eliminating
network problems) vary:
- "Server unexpectedly closed network connection"
- or simply times out

When I 'net stop sshd' it stops "successfully" but then starting again
fails. On inspecting Task Manager I find that sshd is still running
:|. Ending the process, starting sshd service again has no effect.

I have gone as far as cleaning out cygwin from my system, completely
following the guide in the FAQ, and reinstalling to no effect. This
makes me think that there must be some glitch/registry setting/new
software I installed that's triggering some fault in cygwin/sshd.

I have the latest cygwin, but here are the obligatory version numbers:
cygwin : 1.5.21-2
openssh 4.3p2-3

Please tell me where to pull logs / debugging output from and I will
send them your way.

Thanks,
Mike

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/